Commit 05f92841 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

config_PutPsz: fix potential use-after-free

The new config value is duplicated, and the copy is stored to the
configuration. After the configuration R/W lock is released, we have no
warranty that another thread does not change the same configuration
item, and free our own copy. Admittedly, this is very unlikely.

Instead, we can simply pass the original string from the caller to the
callback - that one must remain valid through the config_PutPsz()
function call by definition.
(cherry picked from commit 6b35f6ff)
parent 6bb9f299
......@@ -253,7 +253,7 @@ void config_PutPsz( vlc_object_t *p_this,
const char *psz_name, const char *psz_value )
{
module_config_t *p_config;
vlc_value_t oldval, val;
vlc_value_t oldval;
p_config = config_FindConfig( p_this, psz_name );
......@@ -282,13 +282,13 @@ void config_PutPsz( vlc_object_t *p_this,
p_config->value.psz = NULL;
p_config->b_dirty = true;
val.psz_string = (char *)p_config->value.psz;
vlc_rwlock_unlock (&config_lock);
if( p_config->pf_callback )
{
vlc_value_t val;
val.psz_string = (char *)psz_value;
p_config->pf_callback( p_this, psz_name, oldval, val,
p_config->p_callback_data );
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment